Most active commenters
  • kragen(4)
  • godelski(3)
  • nine_k(3)

←back to thread

Samsung embeds IronSource spyware app on phones across WANA

(smex.org)
845 points the-anarchist | 26 comments | 21 Jun 25 03:06 UTC | HN request time: 2.055s | source | bottom
Show context
boramalper ◴[21 Jun 25 03:56 UTC] No.44334361[source]
I suspect a strong link between mass surveillance (by corporations for advertising or by states for intelligence purposes) and the very recent targeting of the senior Iranian nuclear scientist and military officers at their homes in Iran.

Wherever you are from or whatever side of the conflict you are on, I think we can all agree that it’s never been easier to infer so much about a person from “semi-public” sources such as companies selling customer data and built-in apps that spy on their users and call home. It allows intelligence agencies to outsource intelligence gathering to the market, which is probably cheaper and a lot more convenient than traditional methods.

“Privacy is a human right” landed on deaf ears but hopefully politicians will soon realise that it’s a matter of national security too.

replies(13): >>44334595 #>>44334624 #>>44334697 #>>44334773 #>>44335164 #>>44335631 #>>44336225 #>>44336629 #>>44337014 #>>44337349 #>>44338148 #>>44344811 #>>44346475 #
1. kragen ◴[21 Jun 25 11:22 UTC] No.44336629[source]
The truth is far outside the Overton window.

Yes, privacy is a question of civil defense in the drone age. But the existing crop of states will never acknowledge that; their structure and institutions presume precisely the kind of mass databases of PII that create this vulnerability, as well as institutional transparency for public accountability. This makes them structurally vulnerable to insurgencies that expropriate those databases for targeting. The existing states will continue to clutch at their fantasies of adequately secured taxpayer databases until their territorial control (itself an anachronism in the drone age; boots on the ground can no longer provide security against things like Operation Spiderweb) has been reduced to a few fortified clandestine facilities.

Things are going to be very unpredictable and, I suspect, extremely violent.

replies(2): >>44337277 #>>44339702 #
2. drewbug ◴[21 Jun 25 13:03 UTC] No.44337277[source]
I used to feel this way until I learned about counter-UAS tech.
replies(1): >>44337420 #
3. kragen ◴[21 Jun 25 13:24 UTC] No.44337420[source]
That's wishful thinking. Flying drones aren't the only threat, or the main threat, and there isn't such a thing as "counter-UAS tech", only counter-yesterday's-UAS tech. Radio jamming was "counter-UAS tech" until the mass production of fiber-optic-controlled FPV drones starting five months ago, for example. You can still find vendors marketing it as such.

30 milligrams of high explosive is enough to open your daughter's skull, or, more relevantly, your commanding officer's daughter's skull, and there are a thousand ways to deliver it to her if she can be tracked: in pager batteries, crawling, swimming, floating, waiting for ambush, hitchhiking on migratory birds, hitchhiking on car undercarriages, in her Amazon Prime deliveries, falling from a hydrogen balloon in the mesosphere, and so on. And if 30mg is too much, 2mg of ricin on a mechanical ovipositor will do just as well.

All of this is technically possible today without any new discoveries. At this point it's a straightforward systems development exercise. And you can be sure that there are bad people working for multiple different countries' spy agencies who know this; they don't need me to tell them.

replies(1): >>44337635 #
4. bostik ◴[21 Jun 25 13:54 UTC] No.44337635{3}[source]
> 30 milligrams of high explosive is enough to open your daughter's skull, or, more relevantly, your commanding officer's daughter's skull, and there are a thousand ways to deliver it

While we are talking about flying drones, we are not far off from Slaughterbots becoming reality.[0] Why bother with surgical assassinations if you can blanket entire regions with with swarms of autonomous seek-and-destroy explosives?

After all, as last two years have so amply demonstrated: people are fine with genocide.

0: https://www.youtube.com/watch?v=O-2tpwW0kmU

replies(5): >>44337823 #>>44337947 #>>44339472 #>>44340651 #>>44345068 #
5. gruez ◴[21 Jun 25 14:21 UTC] No.44337823{4}[source]
>After all, as last two years have so amply demonstrated: people are fine with genocide.

Last two years? Try last few decades at the very least. People only care about the war in Gaza more because it's controversial. For non-controversial cases people just agree it's bad but shrug their shoulders.

https://en.wikipedia.org/wiki/Bosnian_genocide

https://en.wikipedia.org/wiki/Rwandan_genocide

https://en.wikipedia.org/wiki/Darfur_genocide

replies(3): >>44338177 #>>44350733 #>>44354765 #
6. kragen ◴[21 Jun 25 14:39 UTC] No.44337947{4}[source]
Slaughterbots is just the beginning; it's definitely too late to prevent that scenario now.

Why bother? For the same reason to bother with surgical assassinations if you can blanket entire regions with nuclear fireballs. Radioactive wastelands are unprofitable! This is a general problem with genocide: it only gets you land, and since the Green Revolution land is abundant. Protection rackets, on the otehr hand, are highly profitable, but only with some exclusivity; if extortionists multiply, the unique Nash equilibrium is multiple gangs that collectively demand many times the victims' total revenues, resulting in ecological collapse.

More generally, the threat of violence is only effective as a form of coercion when you can credibly withdraw the violence as a reward for compliance. Violence provides no incentive to comply to someone who believes they are just as likely to be a victim whether they comply or not.

But swarms of autonomous seek-and-destroy explosives are plausibly the most effective way to provide that surgical-assassination threat, perhaps combined with poisons, solid penetrators, and/or incendiaries. The Minority Report spiders (not yet technically feasible) or a quadcopter can be enormously more selective than a GBU-57, a Hellfire missile, or even a hand grenade, and can choose to avert their attack at the last millisecond upon the presentation of properly signed do-not-assassinate orders, even if long-distance communication is jammed.

replies(2): >>44339391 #>>44348566 #
7. jonah ◴[21 Jun 25 15:12 UTC] No.44338177{5}[source]
What's ridiculous is that it's even seen as controversial by some.
replies(1): >>44340401 #
8. godelski ◴[21 Jun 25 18:06 UTC] No.44339472{4}[source]
What's important to remember is that we get to Slaughterbots with "best intentions." Trying to feel safer. Trying to kill our enemies. Trying to protect our friends, families, children. Little by little is how it happens. The road to hell is paved, after all.
replies(1): >>44348381 #
9. fpoling ◴[21 Jun 25 18:34 UTC] No.44339702[source]
This has been going on in Russia on massive scale. For bribes officials sells anything including highly sensitive databases. Those were used to uncover various Kremlin-run assassins targeting oppositions. Then Ukrainian special services used those to target high-ranking Russian military officers. Russia tried to crack down on that but it just increased the database price tag.
replies(2): >>44340127 #>>44341309 #
10. kragen ◴[21 Jun 25 19:33 UTC] No.44340127[source]
Do you have sources for that? No problem if they're not in English.
replies(2): >>44340298 #>>44401347 #
11. ponector ◴[21 Jun 25 19:54 UTC] No.44340298{3}[source]
Here is an example of such investigation into russian general: https://youtu.be/alUPgLLIxeM?si=0x1QtJrJf2yfPCZi

Or investigation into some russian topics: https://theins.ru/en/inv

12. tomalbrc ◴[21 Jun 25 20:09 UTC] No.44340401{6}[source]
It is will how some people will live in their bubble and not see the controversies
13. autoexec ◴[21 Jun 25 20:51 UTC] No.44340651{4}[source]
It's sad that it was only months after that video was released that autonomous drones were being used to kill people in war. That video was meant as a warning but it was totally ignored.
14. mattigames ◴[21 Jun 25 22:47 UTC] No.44341309[source]
If Putin didn't want bribery to go rampant he would set the example, and force other top leaders to do the same, but instead he flaunts his properties, yats, women that he enjoys; but it's probably a price too high for him to pay. I bet Xi Ping enjoys similar privileges but in much more private manner.
replies(1): >>44350596 #
15. MoonGhost ◴[22 Jun 25 08:27 UTC] No.44345068{4}[source]
> After all, as last two years have so amply demonstrated: people are fine with genocide.

And open war crimes like intentionally killing civilians (TV broadcasters in Iran for example, or Gaza en mass)

16. nine_k ◴[22 Jun 25 16:57 UTC] No.44348381{5}[source]
Well, no. People with outright evil intentions, the kind that would hire a hitman, definitely also pour money and brains into the very same research.

Technologies are morally agnostic: a knife, a rifle, a piece of cryptography, they all work equally well for the noblest and the most nefarious purposes. It's the humans' task to structure the society in such a way that good uses of technology mostly dominate evil uses.

replies(1): >>44349437 #
17. nine_k ◴[22 Jun 25 17:21 UTC] No.44348566{5}[source]
This is correct. But the surgical precision is only enabled by the fact that a person can be reasonably well located and tracked. It's likely not hard to pinpoint a specific person of interest in a vast metropolis, but, IMHO, really hard or impossible to locate a specific wild zebra in an African savanna, because they do not wear tracking devices, and inhabit large areas. So you can target e.g. me in NYC much more easily than some specific zebra, even though the zebra is likely less intellectual and less privacy-conscious.

Hence, I suppose, important figures will eventually disappear from the public eye. Definitely, a president or a governor must be present in person at many events. But e.g. CEOs of military contractors, or even key scientists and developers in certain fields, may start to fade away, turn pseudonymous, and virtualize, now that remote work and videoconferencing is normalized. They would still be somehow trackable as normal citizens, but their visible connection to their work would be severed and kept an utmost secret, literally a life-and-death secret.

This would be good news for national defense, but bad news for any dissenters who cross any powerful-enough entities for those to consider an assassination or at least blackmailing. Unlike a hitman, a hit drone can be completely and safely destroyed beyond recognition within an hour, by burning it and grinding the ashes.

Also, precisely delivered non-lethal means could be quite effective, and hard to track. Inject or just spray a bad virus to disable your opponent for several critical months. Spray a potent allergen if the target is allergic. Inject some LSD into politician's bloodstream an hour before an important meeting or speech. "Innocent" stuff like that.

18. godelski ◴[22 Jun 25 19:06 UTC] No.44349437{6}[source]
You're missing the substance of what I've said. No one is denying evil people exist. But take a few more seconds to process what I said...
replies(1): >>44350023 #
19. nine_k ◴[22 Jun 25 20:28 UTC] No.44350023{7}[source]
I know that the road to hell is paved with best intentions. My point is that the pavement is not 100% best intentions, some intentions are outright bad, and we should acknowledge that, and prepare to face that.
replies(1): >>44351151 #
20. chrz ◴[22 Jun 25 21:50 UTC] No.44350596{3}[source]
if you think you can stop bribery in communism regime then i have some news for you
replies(2): >>44350860 #>>44354710 #
21. chrz ◴[22 Jun 25 22:11 UTC] No.44350733{5}[source]
People care because they follow news. You dont send reporters where you dont want news about.
22. solace_silence ◴[22 Jun 25 22:34 UTC] No.44350860{4}[source]
Agreed, they should call it campaign contributions like the U.S.
23. godelski ◴[22 Jun 25 23:31 UTC] No.44351151{8}[source]
Yes, I understand. I was trying to point out that essentially everyone default understands that, so it does not need be said. Bad causes bad, people know this or are hopeless. Good causes bad is non-obvious and needs constant reminder.
24. aleph_minus_one ◴[23 Jun 25 11:41 UTC] No.44354710{4}[source]
Russia is not a communist country (anymore).
25. aleph_minus_one ◴[23 Jun 25 11:47 UTC] No.44354765{5}[source]
In many European countries people do care about the Bosnian genocide - I mean the geographical distance is not that far from where they live.

This also explains the more prevalent ignorance concerning the other two genocides of your list: they are simply for away from the place the respective person lives.

26. dredmorbius ◴[27 Jun 25 23:53 UTC] No.44401347{3}[source]
This is sufficiently-well established presently that it's almost hard to find specific documentation as it's largely accepted fact. I'm finding few hits post-2019, so it's possible that data practices have improved.

WNYC's On the Media carried several interviews with a documentarian filming Alexy Navalny as Navalny and the documentarian team identified Navalny's (initial) would-be assassins, including various FSB agents. They specifically targeted a person they'd think might have weak opsec, a scientist directly engaged in producing nerve agents (novichok IIRC). His core competence was chemistry rather than spycraft. The documentary team included a former Bellingcat investigator:

Brooke Gladstone: In the months following Navalny's poisoning, Christo Grozev, former lead Russia investigator at Bellingcat, was stuck in Vienna with filmmaker Daniel Roher. The two had just been booted from Ukraine where they had been trying to film an investigation. Now Grozev had lots of time on his hands and a laptop and a fresh stack of data from the Russian black market....

Christo Grozev: When we were looking at the Navalny poisoning, we thought, "Well, they must have used the same scientists. They can't have hundreds of scientists who do this. This has to be kept top secret. These people have to take the risk to manufacture this toxin." I started looking at the phone records of these scientists, and we bought them on the Russian markets where you can buy absolutely any kind of data.... [Navalny's people] provided the data of how Navalny had traveled to what locations. I matched it to the known travel data of the poisoners and spies. We saw this pattern, essentially a group of six to eight FSB poisoners had been tailing him for more than four years to a total of 66 different towns and cities.

<https://www.wnycstudios.org/podcasts/otm/episodes/revisiting...>

Other general coverage (searching "russia black market data"):

"Russian data theft: Shady world where all is for sale" (26 May 2019)

According to cyber-security experts, vast quantities of supposedly private data - including from Russian state institutions - are bought and sold every day....

<https://www.bbc.com/news/world-europe-48348307>

And for a long time. From 2009:

Goldmine of black market in Russian data

Gorbushka Market, just outside central Moscow, does a thriving trade in any electronics good you could want: mobile phones, plasma television sets, the latest DVDs, and, if you ask to see them, software peddlers will show potential clients a list of “databases”.

These consist of CDs with names such as “Ministry of Interior – Federal Road Safety Service”, “Tax Service” and “Federal Anti-Narcotics Service” and cost about $100 apiece. Each contains confidential information gathered by Russian law enforcement or government agencies: anything from arrest records, personal addresses, passport numbers, phone records or address books to bank account details, known associates, tax data and flight records are on offer...

<https://www.ft.com/content/07dedd34-d921-11de-b2d5-00144feab...>

Archive: <https://archive.is/UPPHK>

And 2005:

"In the stolen-data trade, Moscow is the Wild East"

<https://web.archive.org/web/20050708015611/http://www.globet...>

Adjacent article on Bellingcat OSINT generally (2024), though nothing on black markets:

"The forensic empire that is Bellingcat"

<https://www.theprojectcounselgroup.com/2024/06/19/the-forens...>